Resolving Security Issues Before Enabling Trusted Extensions

For each system on which Trusted Extensions will be configured, you need to
make some configuration decisions. For example, you need to decide whether to install
the default Trusted Extensions configuration or customize your configuration.

Secure System Hardware and Make Security Decisions Before Enabling Trusted Extensions

For each system on which Trusted Extensions is going to be configured,
make these configuration decisions before enabling the software.

Decide how securely the system hardware needs to be protected.

At a secure site, this step is performed on every Oracle Solaris
system.

For SPARC systems, choose a PROM security level and provide a password.

For x86 systems, protect the BIOS.

On all systems, protect root with a password.

Prepare your label_encodings file.

If you have a site-specific label_encodings file, the file must be checked
and installed before other configuration tasks can be started. If your site does
not have a label_encodings file, you can use the default file that Oracle
supplies. Oracle also supplies other label_encodings files, which you can find in
the /etc/security/tsol directory. The Oracle files are demonstration files. They might not be
suitable for production systems.

From the list of labels in your label_encodings file, make a list of
the labeled zones that you plan to create.

For the default label_encodings file, the labels are listed in the following table,
together with zone names that you might use for them:

Full Label Name                    Proposed Zone Name
PUBLIC                             public
CONFIDENTIAL: INTERNAL USE ONLY    internal
CONFIDENTIAL: NEED TO KNOW         needtoknow
CONFIDENTIAL : RESTRICTED          restricted

Note - The automatic configuration method creates the public and internal zones.

Decide when to create roles.

Your site's security policy can require you to administer Trusted Extensions by assuming
a role. If so, or if you are configuring the system to satisfy
criteria for an evaluated configuration, you must create these roles early in the
configuration process.

If you are not required to configure the system by using discrete
roles, you can choose to configure the system in the root role. This method
of configuration is less secure. The root role can perform all tasks on
the system, while other roles typically perform a more limited set of tasks.
Therefore, configuration is more controlled when it is performed by the roles that you
create.

Decide other security issues for each system and for the network.

For example, you might want to consider the following security issues:

Determine which devices can be attached to the system and allocated for use.

Identify which printers are accessible from the system, and at what labels.

Identify any systems that have a limited label range, such as a gateway system or a public kiosk.

Identify which labeled systems can communicate with particular unlabeled systems.